From: Miklos Szeredi <miklos@szeredi.hu>
To: Simon Thoby <work.viveris@nightmared.fr>
Cc: CONZELMANN Francois <Francois.CONZELMANN@viveris.fr>,
"Eric W . Biederman" <ebiederm@xmission.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] fuse: enable unprivileged mounts for fuseblk
Date: Mon, 7 Nov 2022 14:29:29 +0100 [thread overview]
Message-ID: <CAJfpegspZ5UJJQZNi6Rdn6wPDfoZE6REFJ-XXX3sebhrHnQ=uw@mail.gmail.com> (raw)
In-Reply-To: <20221016170046.171936-1-work.viveris@nightmared.fr>
On Sun, 16 Oct 2022 at 19:00, Simon Thoby <work.viveris@nightmared.fr> wrote:
>
> Commit 4ad769f3c346ec3d458e255548dec26ca5284cf6 ("fuse: Allow fully
> unprivileged mounts") enabled mounting filesystems with the 'fuse' type for
> any user with CAP_SYS_ADMIN inside their respective user namespace, but did
> not do so for the 'fuseblk' filesystem type.
>
> Some FUSE filesystems implementations - like ntfs-3g - prefer using
> 'fuseblk' over 'fuse', which imply unprivileged users could not use these
> tools - in their "out-of-the-box" configuration, as these tools can always
> be patched to use the 'fuse' filesystem type to circumvent the problem.
>
> Enable unprivileged mounts for the 'fuseblk' type, thus uniformizing the
> behavior of the two FUSE filesystem types.
>
> Signed-off-by: Simon Thoby <work.viveris@nightmared.fr>
NAK in this form.
Please look at all the places where there's a difference between the
fuse and the fuseblk behavior and give proof that they won't result in
a security issue in case fuseblk is mounted unprivileged.
As a possibly much better alternative, try modifying the ntfs-3g code
to be able to work using the "fuse" fs type as well.
Thanks,
Miklos
fuseblk enables synchronouse RELEASE and DESTROY requests that are
unsuitable for unprivileged operation.
Thanks,
Miklos
prev parent reply other threads:[~2022-11-07 13:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-16 17:00 [PATCH] fuse: enable unprivileged mounts for fuseblk Simon Thoby
2022-11-07 13:29 ` Miklos Szeredi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJfpegspZ5UJJQZNi6Rdn6wPDfoZE6REFJ-XXX3sebhrHnQ=uw@mail.gmail.com' \
--to=miklos@szeredi.hu \
--cc=Francois.CONZELMANN@viveris.fr \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=work.viveris@nightmared.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).